{"id":"https://openalex.org/W4255302486","doi":"https://doi.org/10.1109/iwast.2013.6595793","title":"Access control enforcement testing","display_name":"Access control enforcement testing","publication_year":2013,"publication_date":"2013-05-01","ids":{"openalex":"https://openalex.org/W4255302486","doi":"https://doi.org/10.1109/iwast.2013.6595793"},"language":"en","primary_location":{"id":"doi:10.1109/iwast.2013.6595793","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwast.2013.6595793","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Automation of Software Test (AST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://orbilu.uni.lu/handle/10993/15844","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083301721","display_name":"Donia El Kateb","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":true,"raw_author_name":"Donia El Kateb","raw_affiliation_strings":["Laboratory of Advanced Software SYstems (LASSY), University of Luxembourg Luxembourg, Luxembourg","Security, Reliability and Trust, Interdisciplinary Research Center, SnT"],"affiliations":[{"raw_affiliation_string":"Laboratory of Advanced Software SYstems (LASSY), University of Luxembourg Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"Security, Reliability and Trust, Interdisciplinary Research Center, SnT","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029403866","display_name":"Yehia El Rakaiby","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Yehia El Rakaiby","raw_affiliation_strings":["Security, Reliability and Trust Interdisciplinary Research Center, SnT, University of Luxembourg, Luxembourg","Security, Reliability and Trust, Interdisciplinary Research Center, SnT"],"affiliations":[{"raw_affiliation_string":"Security, Reliability and Trust Interdisciplinary Research Center, SnT, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"Security, Reliability and Trust, Interdisciplinary Research Center, SnT","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003229719","display_name":"Tejeddine Mouelhi","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Tejeddine Mouelhi","raw_affiliation_strings":["Security, Reliability and Trust Interdisciplinary Research Center, SnT, University of Luxembourg, Luxembourg","Security, Reliability and Trust, Interdisciplinary Research Center, SnT"],"affiliations":[{"raw_affiliation_string":"Security, Reliability and Trust Interdisciplinary Research Center, SnT, University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"Security, Reliability and Trust, Interdisciplinary Research Center, SnT","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040574362","display_name":"Yves Le Traon","orcid":"https://orcid.org/0000-0002-1045-4861"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Yves Le Traon","raw_affiliation_strings":["Laboratory of Advanced Software SYstems (LASSY), University of Luxembourg Luxembourg, Luxembourg","Security, Reliability and Trust, Interdisciplinary Research Center, SnT"],"affiliations":[{"raw_affiliation_string":"Laboratory of Advanced Software SYstems (LASSY), University of Luxembourg Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"Security, Reliability and Trust, Interdisciplinary Research Center, SnT","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5083301721"],"corresponding_institution_ids":["https://openalex.org/I186903577"],"apc_list":null,"apc_paid":null,"fwci":0.9752,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.88602849,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"64","last_page":"70"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.8216530084609985},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.7857446670532227},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7391531467437744},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5733709335327148},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5376796126365662},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5204116106033325},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.45154237747192383},{"id":"https://openalex.org/keywords/law-enforcement","display_name":"Law enforcement","score":0.4186423718929291},{"id":"https://openalex.org/keywords/policy-analysis","display_name":"Policy analysis","score":0.4121696650981903},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.4119871258735657},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.14032447338104248}],"concepts":[{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.8216530084609985},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.7857446670532227},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7391531467437744},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5733709335327148},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5376796126365662},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5204116106033325},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.45154237747192383},{"id":"https://openalex.org/C2780262971","wikidata":"https://www.wikidata.org/wiki/Q44554","display_name":"Law enforcement","level":2,"score":0.4186423718929291},{"id":"https://openalex.org/C123587114","wikidata":"https://www.wikidata.org/wiki/Q2101508","display_name":"Policy analysis","level":2,"score":0.4121696650981903},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.4119871258735657},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.14032447338104248},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/iwast.2013.6595793","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwast.2013.6595793","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Automation of Software Test (AST)","raw_type":"proceedings-article"},{"id":"pmh:oai:orbilu.uni.lu:10993/15844","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/15844","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"8th International Workshop on Automation of Software Test (AST), 2013, 64-70 (2012-05); 8th International Workshop on Automation of Software Test (AST), 2013, San Francisco, United States [US], from 18-05-2013 to 19-05-2013","raw_type":"peer reviewed"},{"id":"pmh:oai:orbilu.uni.lu:10993/26529","is_oa":true,"landing_page_url":"http://orbilu.uni.lu/handle/10993/26529","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Abstract book of 2013 8TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST (AST), 64-70. New York: Ieee (2013).","raw_type":null}],"best_oa_location":{"id":"pmh:oai:orbilu.uni.lu:10993/15844","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/15844","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"8th International Workshop on Automation of Software Test (AST), 2013, 64-70 (2012-05); 8th International Workshop on Automation of Software Test (AST), 2013, San Francisco, United States [US], from 18-05-2013 to 19-05-2013","raw_type":"peer reviewed"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.7799999713897705}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W1563423869","https://openalex.org/W2039901409","https://openalex.org/W2053570754","https://openalex.org/W2098393750","https://openalex.org/W2099438987","https://openalex.org/W2108986682","https://openalex.org/W2134226558","https://openalex.org/W2139983434","https://openalex.org/W2144642244","https://openalex.org/W2151315194","https://openalex.org/W2154765153","https://openalex.org/W2160207938","https://openalex.org/W3159677200","https://openalex.org/W6607387808","https://openalex.org/W6633648119","https://openalex.org/W6683686944","https://openalex.org/W7028630490"],"related_works":["https://openalex.org/W2393973626","https://openalex.org/W2105261429","https://openalex.org/W2107355607","https://openalex.org/W2012419258","https://openalex.org/W318167434","https://openalex.org/W1482564230","https://openalex.org/W4285408982","https://openalex.org/W2127259385","https://openalex.org/W2004929657","https://openalex.org/W3178932601"],"abstract_inverted_index":{"A":[0],"policy-based":[1],"access":[2,16,21,34,72,128,169],"control":[3,73,170],"architecture":[4],"comprises":[5],"Policy":[6,26],"Enforcement":[7],"Points":[8],"(PEPs),":[9],"which":[10,44],"are":[11,40],"modules":[12],"that":[13,105],"intercept":[14],"subjects":[15],"requests":[17],"and":[18,51,66],"enforce":[19],"the":[20,30,33,68,94,102,110,116,130,139,143,147,156],"decision":[22,35],"reached":[23],"by":[24,109,155],"a":[25,76,85,90,164],"Decision":[27],"Point":[28],"(PDP),":[29],"module":[31],"implementing":[32,167],"logic.":[36],"In":[37,56],"applications,":[38],"PEPs":[39],"generally":[41],"implemented":[42],"manually,":[43],"can":[45],"introduce":[46],"errors":[47,153],"in":[48,75],"policy":[49,131],"enforcement":[50,70,152],"lead":[52],"to":[53,63,100,123,149],"security":[54],"vulnerabilities.":[55],"this":[57],"paper,":[58],"we":[59,82],"propose":[60],"an":[61,168],"approach":[62,88,159],"systematically":[64],"test":[65],"validate":[67],"correct":[69],"of":[71,93,115,138,146],"policies":[74],"given":[77],"target":[78,95],"application.":[79],"More":[80],"specifically,":[81],"rely":[83],"on":[84],"two":[86],"folded":[87],"where":[89],"static":[91],"analysis":[92,114,137],"application":[96,117,140],"is":[97,118,132],"first":[98],"made":[99],"identify":[101],"sensitive":[103,127],"accesses":[104],"could":[106],"be":[107],"regulated":[108],"policy.":[111,171],"The":[112,135,158],"dynamic":[113,136],"then":[119],"conducted":[120],"using":[121,163],"mutation":[122],"verify":[124],"for":[125],"every":[126],"whether":[129],"correctly":[133],"enforced.":[134],"also":[141],"gives":[142],"exact":[144],"location":[145],"PEP":[148],"enable":[150],"fixing":[151],"detected":[154],"analysis.":[157],"has":[160],"been":[161],"validated":[162],"case":[165],"study":[166]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}